package com.demo.config.shiro;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authc.FormAuthenticationFilter;

import com.demo.common.kit.Ret;
import com.demo.common.kit.WebUtils;

/**
 * Form-authentication filter that answers unauthenticated AJAX calls with a
 * JSON payload instead of a redirect, and sends every other unauthenticated
 * request to the login page.
 *
 * <p>Requests that target the login URL are passed through untouched, so the
 * login submission itself is not processed here (this override does not call
 * {@code executeLogin}); whatever is mapped to the login URL has to perform
 * the actual authentication.
 */
public class LoginAccessControlFilter extends FormAuthenticationFilter {

    /**
     * Decides what happens to a request that Shiro did not already allow.
     *
     * <p>NOTE(review): the decision is based on {@code getPrincipal() != null},
     * not on {@code isAuthenticated()}. In Shiro a subject restored from a
     * remember-me cookie also carries a principal, so such a subject is let
     * through here. Confirm that remembered (not re-authenticated) sessions are
     * meant to reach every URL guarded by this filter.
     *
     * <p>NOTE(review): the "401" below is a field of the JSON body. Whether the
     * HTTP status line is also set depends on {@code WebUtils.writeJson}, which
     * is not visible here; verify that clients and intermediaries do not treat
     * the response as a successful one.
     *
     * @param request  the incoming request; cast to {@link HttpServletRequest}
     *                 for the AJAX check, so an HTTP deployment is assumed
     * @param response the response the JSON payload or the redirect is written to
     * @return {@code true} to let the request continue down the filter chain,
     *         {@code false} when this filter has already produced the response
     * @throws Exception if writing the JSON body or issuing the redirect fails
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        // Work out whether the caller is known to Shiro at all.
        Subject currentUser = getSubject(request, response);
        boolean hasPrincipal = currentUser.getPrincipal() != null;

        // Known callers and requests for the login URL itself continue unchanged.
        if (hasPrincipal || isLoginRequest(request, response)) {
            return true;
        }

        if (WebUtils.isAjax((HttpServletRequest) request)) {
            // A redirect is of no use to an XHR caller; report the expired or
            // missing login as JSON and let the client decide what to show.
            WebUtils.writeJson(Ret.fail("status", "401").set("message", "您尚未登录或登录时间过长,请重新登录!"), response);
        } else {
            // Remember the original URL so the user can be sent back after login.
            saveRequestAndRedirectToLogin(request, response);
        }

        // In both branches the response is already committed by this filter.
        return false;
    }
}